How to Check and Install Only Security Updates in Ubuntu Linux

1. Finding Installed and Available CVEs

To find installed packages and their associated CVEs, you can use the following command:

# dpkg -l | grep '^ii' | awk '{print $2}' | xargs -I{} apt-get changelog {} | grep -i CVE

This command lists installed packages and searches for CVEs in their changelogs. It uses `dpkg` to get the list of installed packages and then uses `apt-get changelog` to display the changelog for each package, filtering for lines containing the term "CVE."

2. Retrieving Changelogs for a Specific CVE

To retrieve changelogs for a specific CVE, you can use the following command:

# apt-get changelog package-name | grep -i cve-id

Replace "package-name" with the name of the package you want to check, and replace "cve-id" with the desired CVE identifier (e.g., CVE-2020-14145). This command will display changelog entries related to the specified CVE.

3. Checking Available Security Updates and Fixes

To check for available security updates and fixes, you can use the following command:

# sudo apt-get update
# apt list --upgradable | grep "\-security" 

The first command updates the package lists from repositories, and the second command lists packages that have available updates, specifically those related to security updates.
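The `grep "\-security"` filter matches anywhere on the line, so a package whose name contains "-security" is listed even when its update comes from another pocket. As an added example (not part of the original article), the function below reads `apt list --upgradable` output and checks only the suite field after the slash; the sample output and the package name `demo-security-tools` are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `apt list --upgradable` output so this runs offline.
# demo-security-tools is a made-up package name used to show the false match.
SAMPLE_OUTPUT='Listing...
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.12 amd64 [upgradable from: 3.0.2-0ubuntu1.10]
vim/jammy-updates 2:8.2.3995-1ubuntu2.13 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.12]
demo-security-tools/jammy-updates 1.2-1 all [upgradable from: 1.1-1]
libssl3/jammy-security 3.0.2-0ubuntu1.12 amd64 [upgradable from: 3.0.2-0ubuntu1.10]'

# security_upgrades: read `apt list --upgradable` text on stdin and print
# "package<TAB>candidate-version" for entries offered by a -security suite.
security_upgrades() {
  awk '
    # Skip the "Listing..." header, blank lines and anything without pkg/suite.
    $1 !~ /\// { next }
    {
      split($1, parts, "/")              # parts[1]=package, parts[2]=suite list
      n = split(parts[2], suites, ",")   # e.g. jammy-updates,jammy-security
      for (i = 1; i <= n; i++) {
        if (suites[i] ~ /-security$/) {  # match the suite, never the name
          printf "%s\t%s\n", parts[1], $2
          next
        }
      }
    }
  '
}

# Demo on the constructed sample. On a live system, run:
#   apt list --upgradable 2>/dev/null | security_upgrades
# (apt warns on stderr that its CLI output is not a stable interface.)
printf '%s\n' "$SAMPLE_OUTPUT" | security_upgrades
```

On the sample, only `openssl` and `libssl3` are reported, while the article's grep would also list `demo-security-tools`.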

4. Checking Enabled Update Types in Unattended-Upgrades

To check which types of updates are enabled in unattended-upgrades, you can examine the configuration files. The main configuration file is located at:

/etc/apt/apt.conf.d/20auto-upgrades

You can also look for additional configuration files in the "/etc/apt/apt.conf.d/" directory that start with "50unattended-upgrades" to see more specific settings.

/etc/apt/apt.conf.d/50unattended-upgrades
  • Edit the file 50unattended-upgrades using vi/vim and modify the Allowed-Origins block so that it includes only the "security" repository. Edit the block as follows:

    Unattended-Upgrade::Allowed-Origins {
            "${distro_id}:${distro_codename}-security";
    };

  • Save the file and exit the text editor.

5. Installing Security Fixes for a Single Package

To install security fixes for a specific package, you can use the following command:

# sudo apt-get install --only-upgrade package-name

Replace "package-name" with the name of the package you want to update. This command will install the latest available version of the package, including security updates.

6. Installing Security Fixes for All Packages

To install only the security fixes for all packages, you can use the following command:

# sudo unattended-upgrade -v

This command installs only the available security updates, because Allowed-Origins was restricted to the security repository in step 4.

To install all available updates, security fixes included, for all packages, you can use the following command:

# sudo apt-get upgrade

This command will upgrade all packages with available updates, including security updates and fixes.

Conclusion

Regularly checking for security updates, understanding the CVEs associated with installed packages, and promptly installing security patches are essential steps to maintain a secure Ubuntu Linux system.

If unattended-upgrade has not yet been set up, you can use the wiki link below to install it and configure Ubuntu Linux so that security updates are installed automatically.

Have a look at setting up unattended-upgrade


    Jay
